In this exercise, you will learn and practice several common commands using PowerShell on a Windows system.
On the taskbar, right-click the Windows Start icon, and select Windows PowerShell (Admin) to open a new PowerShell window. When prompted, click Yes to continue.
At the PowerShell prompt, type cmd and press Enter to drop into the Windows CLI. While you can run Windows commands directly in PowerShell, there are cases where the PowerShell interpreter gets in the way.
Notice first that the Windows prompt tells you where you are on the system: C:\Windows\System32.
At the command prompt, type whoami and press Enter to see your user name.
The format will be servername\username. In this case, you are on the EC2AMAZ-MVQDHPB server as the cybrary user.
At the command prompt, type cd %HOMEPATH% and press Enter to change directory to the home directory (C:\Users\cybrary).
At the command prompt, type dir and press Enter to display the contents of the current directory.
You can also view files and folders using the tree command.
At the command prompt, type help dir and press Enter to display the help manual for the dir command.
You can use the help command to find interesting command line switches. Notice that even this simple command has a wealth of options.
At the command prompt, type dir /S /P and press Enter to see all files and folders under C:\Users\cybrary. The /P will apply a pause between each screen. Press any key to see the next screen. Press CTRL-C to break out of the dir listing.
Note: Most of the time, you can use a lowercase letter as a command switch, as Windows is case-insensitive. So, dir /s /p would also work.
At the command prompt, type mkdir apple1 apple2 apple3 and press Enter to make three new directories under the cybrary directory.
At the command prompt, type dir apple* and press Enter to see the new directories.
Note: The * character is a wildcard. In the example above, apple* will find anything starting with "apple".
At the command prompt, type echo The cow says moo. > apple1\cow.txt and press Enter to create a text file in the apple1 directory called cow.txt. Notice that no quotes are needed when using echo. Note: The ">" character means redirect. We are redirecting the output of the echo command to the cow.txt file. There are two redirectors, ">" and ">>": ">" will overwrite an existing file, while ">>" will append to an existing file.
At the command prompt, type dir apple1 and press Enter to confirm the existence of cow.txt in the apple1 directory.
At the command prompt, type type apple1\cow.txt and press Enter to display the contents of the cow.txt file.
At the command prompt, type type apple1\cow.txt >> apple3\manycows.txt and press Enter to send the contents of apple1\cow.txt to apple3\manycows.txt. Repeat this two more times. Will manycows.txt be appended to or overwritten?
At the command prompt, type type apple3\manycows.txt and press Enter to see the contents of manycows.txt. Notice "The cow says moo." was appended three times. If you had used ">" instead of ">>", the file would have been overwritten each time.
At the command prompt, type copy apple1\cow.txt apple2\notacow.txt and press Enter to create a copy of the cow.txt text file into a new file called notacow.txt in the apple2 directory. Execute type apple2\notacow.txt to confirm that notacow.txt contains the exact text as cow.txt.
At the command prompt, type dir /s /b | findstr apple | findstr .txt and press Enter to run a search for any .txt files with the word apple in the file name.
Here is how this command breaks down:
dir /s /b - lists all files and subfolders, one full path per line.
| - pipes the output of the dir command into findstr.
findstr apple - keeps only the lines with apple in the file name.
| - pipes the output of the first findstr command to the second findstr command.
findstr .txt - keeps only the lines with .txt in the file name.
The findstr command is a versatile tool that's used to search the contents of files from the command line. The basic syntax of the command is findstr "keyword" filename. For example, you could run findstr "moo" notacow.txt to look up the string "moo" in the notacow.txt file. If you're trying to locate a file in your current directory containing a specific string, but you don't know which file, you can run findstr "keyword" *. The wildcard character will instruct findstr to search all files in the current directory. It's also worth noting that while the Windows command line is not case sensitive, findstr is.
Note: One great learning exercise is first to run dir /s /b, then dir /s /b | findstr apple, and finally dir /s /b | findstr apple | findstr .txt to see how the piping helps filter down to the data we want. Try it!
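The redirect and findstr steps above, replayed as a single batch file so you can rerun them and see the results side by side. This is an added example, not part of the lab; the file name fileops.bat is assumed, and the only switch not already on the page is findstr /i, which turns off findstr's case sensitivity. Run it from your home directory (the one containing apple1, apple2 and apple3).

```batch
@echo off
setlocal
rem Added example (not the lab's own script): replays the apple1/apple2/apple3 steps.
rem Usage: change to your home directory, then run fileops.bat

rem Create the three directories (mkdir accepts several names at once).
mkdir apple1 apple2 apple3 2>nul

rem A single arrow creates the file or overwrites it; running it twice still leaves one line.
echo The cow says moo. > apple1\cow.txt
echo The cow says moo. > apple1\cow.txt

rem A double arrow appends; three runs leave three lines in manycows.txt.
type apple1\cow.txt >> apple3\manycows.txt
type apple1\cow.txt >> apple3\manycows.txt
type apple1\cow.txt >> apple3\manycows.txt

echo --- cow.txt (overwritten twice, expect 1 line) ---
type apple1\cow.txt
echo --- manycows.txt (appended 3 times, expect 3 lines) ---
type apple3\manycows.txt

rem Line counts: find /c with an empty search string counts every line in the file.
find /c "" apple1\cow.txt
find /c "" apple3\manycows.txt

rem The lab's pipeline: full recursive bare listing, narrowed twice by findstr.
echo --- .txt files under apple* ---
dir /s /b | findstr apple | findstr .txt

rem findstr is case sensitive: APPLE matches nothing unless /i is given.
echo --- case check (first listing should be empty) ---
dir /s /b | findstr APPLE | findstr .txt
echo --- same search with findstr /i ---
dir /s /b | findstr /i APPLE | findstr .txt

rem Search file contents rather than names: every file in apple1 containing moo.
echo --- files in apple1 containing "moo" ---
findstr "moo" apple1\*
endlocal
```

The two find /c lines make the overwrite-versus-append difference concrete: cow.txt reports 1 line however many times the single-arrow echo runs, while manycows.txt reports one line per double-arrow run.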
At the command prompt, type rename apple2\notacow.txt reallyacow.txt and press Enter to rename notacow.txt to reallyacow.txt. Execute dir /s /b | findstr apple | findstr .txt to confirm your work.
At the command prompt, type move apple3\manycows.txt apple2 and press Enter to move manycows.txt from the apple3 directory to apple2. Execute dir /s /b | findstr apple | findstr .txt to confirm your work.
At the command prompt, type copy apple2\manycows.txt apple3 and press Enter to copy manycows.txt to the apple3 directory. Notice we did not rename the file for this copy. Execute dir /s /b | findstr apple | findstr .txt to confirm your work.
At the command prompt, type del apple2\manycows.txt and press Enter to delete manycows.txt from the apple2 directory. Execute dir /s /b | findstr apple | findstr .txt to confirm your work.
Note: You were not prompted to confirm the deletion, and the file did not go to the Recycle Bin. When you use the del command, the file is removed immediately and is gone. To be safe, use the del /p option to prompt for confirmation before deleting files. You can also use the erase command, which is identical to the del command.
At the command prompt, type mkdir one\two\three and press Enter to create a nested set of directories. Execute tree one to confirm your work.
At the command prompt, type rmdir one and press Enter to remove the "one" directory. Notice you cannot remove one because it is not empty.
At the command prompt, type rmdir /s one and press Enter to remove one and all subdirectories. When asked to confirm, type Y and press Enter, then execute tree one and take note of the error, as one and all subdirectories are now gone.
At the command prompt, type doskey /history to view all the commands you have issued thus far.
Unlike the Linux history command, doskey /history is cleared when the command window is closed. PowerShell, on the other hand, remembers all commands even between reboots. Now let's move into some useful system administration commands.
At the command prompt, type systeminfo and press Enter to display detailed information about the server's system configuration.
At the command prompt, type tasklist and press Enter to view all the processes running currently on your lab server. Try tasklist /v as well.
At the command prompt, type date /t and press Enter to see the current date, then type time /t and press Enter to see the current time.
Note: If you do not use the /t option, you will be prompted for a new date and time. You can just hit Enter to accept the current date and time.
At the command prompt, type sc query | more and press Enter to view active services and drivers. Press Enter to advance one line or the Space Bar to advance one page at a time.
Note: The sc command can stop and start Windows services. Explore this command with care. The more command is similar to its Linux counterpart.
At the command prompt, type net and press Enter to display the special Windows "net" commands.
The net command can view and modify users, groups, shares, and more.
At the command prompt, type net user and press Enter to list all local user accounts.
At the command prompt, type net help user and press Enter to display the help guide for the net user command.
At the command prompt, type net localgroup and press Enter to list all groups on the lab server.
At the command prompt, type net accounts and press Enter to view the current password requirements.
Note: The net command is a "Swiss army knife" for Windows command line system administration. Aspiring Red Teamers should master everything this command can do. Next, we will learn some basic networking commands for Windows systems.
At the command prompt, type ipconfig and press Enter to view the IP address, subnet mask, and gateway. In the output below, the IP address is 10.91.17.58, the network is 10.91.17.0/24, and the gateway is 10.91.17.1.
An IP address is written first_octet.second_octet.third_octet.fourth_octet. Take note of the first three octets in your output. You will need them for the next step.
At the command prompt, type for /L %a in (1,1,255) do @ping -n 1 -w 10 x.y.z.%a > nul && echo x.y.z.%a is up! and press Enter, replacing x.y.z with the first three octets you noted in the step above.
This command is referred to as a ping sweep. Ping stands for packet internet groper. Its purpose is to see if a host is reachable. By using a for loop and ping together, it is possible to find out if there are other hosts on a given network. Let's break this command down:
for /L %a in (1,1,255) means "count from 1 to 255 and assign that value to a variable called %a"
do @ping -n 1 -w 10 x.y.z.%a means "ping each address one time and wait 10 milliseconds for a reply" (the @ stops each ping command from being echoed to the screen)
> nul means "discard the output" (nul is the Windows null device; writing to "null" would instead create a file named null in the current directory)
&& checks to see if the ping was successful and, if it was, runs echo x.y.z.%a is up!
The ping sweep will take a few minutes to complete. The command prompt will return when it's finished.
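The same sweep of the lab subnet written as a batch file that records which addresses replied. This is an added example, not part of the lab; the file name sweep.bat and the log file name are assumed, and the prefix 10.91.17 in the usage line is just the lab's own example from the ipconfig step. Two details differ from typing the loop at the prompt: inside a .bat file the loop variable is written %%a, and the output is discarded to the nul device. The find "TTL=" filter is also an addition: on Windows, ping exits 0 when any reply arrives, including a "Destination host unreachable" reply from the gateway, so testing the exit code alone can report addresses that are not actually up.

```batch
@echo off
setlocal
rem Added example (not the lab's own script): the lab's ping sweep as a batch file.
rem Usage: sweep.bat 10.91.17     (the first three octets of your lab network)
rem Differences from the one-line version typed at the prompt:
rem   1. inside a .bat file the loop variable is %%a, not %a
rem   2. discarded output goes to the device nul, never to a file called null
rem   3. only replies containing TTL= count as a live host
if "%~1"=="" (
    echo usage: %~nx0 first.three.octets
    exit /b 1
)
set "PREFIX=%~1"
set "LOG=sweep-%PREFIX%.txt"
echo Sweep of %PREFIX%.0/24 > "%LOG%"

rem -n 1 sends one echo request, -w 10 waits 10 ms as in the lab; raise -w on slower links.
rem 1 to 254: .0 is the network address and .255 the broadcast address on a /24.
for /L %%a in (1,1,254) do (
    ping -n 1 -w 10 %PREFIX%.%%a | find "TTL=" >nul && (
        echo %PREFIX%.%%a is up!
        echo %PREFIX%.%%a >> "%LOG%"
    )
)
echo Done. Hosts that replied are listed in %LOG%.
endlocal
```

Because %PREFIX% is set before the for loop begins, it is expanded normally inside the parenthesised block; only the loop variable needs the doubled percent sign.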
At the command prompt, type ping 8.8.8.8 and press Enter to verify if Google's public DNS servers are reachable from the lab server.
At the command prompt, type nslookup www.moo.com 8.8.8.8 and press Enter to look up the IP address for the www.moo.com web server using the 8.8.8.8 public DNS server.
At the command prompt, type netstat -ant and press Enter to view all the current TCP and UDP network connections to and from your lab server.
The netstat command is used to display network statistics for the Windows host. Netstat shows both established connections and ports that are listening. You have completed the guided portion of the lab. We hope you enjoyed this brief tour of the Windows command line! Be sure to complete the questions on the Tasks tab, then proceed to the challenge exercise.
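The administration and networking commands from this section, gathered into one snapshot folder so that two runs can be compared. This is an added example, not part of the lab; the file name snapshot.bat and the default folder name are assumed, and the Administrators group name is the default English one. Every command in it appears earlier on this page except sc query state= all (which lists stopped services too), net localgroup Administrators, ipconfig /all, netstat -ano (the -o column adds the owning process ID) and fc, which compares two text files.

```batch
@echo off
setlocal
rem Added example (not the lab's own script): capture the lab's admin and network
rem commands into one folder so that two runs can be compared with fc.
rem Usage (from an elevated prompt): snapshot.bat [foldername]   default: snapshot
set "OUT=%~1"
if "%OUT%"=="" set "OUT=snapshot"
mkdir "%OUT%" 2>nul

echo Collecting into %OUT% ...
systeminfo                     > "%OUT%\systeminfo.txt"
tasklist /v                    > "%OUT%\tasklist.txt"
sc query state= all            > "%OUT%\services.txt"
net user                       > "%OUT%\users.txt"
net localgroup                 > "%OUT%\groups.txt"
net localgroup Administrators  > "%OUT%\administrators.txt"
net accounts                   > "%OUT%\password-policy.txt"
ipconfig /all                  > "%OUT%\ipconfig.txt"
netstat -ano                   > "%OUT%\netstat.txt"
date /t                        > "%OUT%\taken.txt"
time /t                       >> "%OUT%\taken.txt"

rem Listening TCP ports with their owning PID; look the PID up in tasklist.txt.
echo --- listening TCP ports ---
findstr /c:"LISTENING" "%OUT%\netstat.txt"

rem To spot what changed between two points in time:
rem   snapshot.bat before
rem   (do some work on the server)
rem   snapshot.bat after
rem   fc before\users.txt after\users.txt
rem fc prints only the lines that differ, so an unexpected new account or
rem listening port stands out immediately.
echo Done: %OUT%
endlocal
```

Each output file is plain text, so the same findstr filtering shown with dir earlier in the lab works on them as well, for example findstr /i "stopped" snapshot\services.txt.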